Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
925
Views
0
Helpful
0
Comments

The Internet traffic to the Websense server gets blocked by the PIX/ASA firewall configured with the url-block block command

TCC_2
Level 10
Level 10

‎06-22-2009 04:06 PM - edited ‎03-08-2019 06:12 PM

Core issue

This issue is due to the presence of Cisco bug ID CSCse55931.

This problem occurs when the firewall is configured to filter URLs through Websense or N2H2 and has the url-block block command enabled, then available 1550 byte blocks can deplete. This results in a disruption of communication between the firewall and the Websense server.

When this issue occurs, the PIX/ASA firewall does not send the URL Lookup_Request or Status_Request to the Websense server, which results in HTTP traffic blockage.

Resolution

In order to resolve this issue, disable the url-block block command.

The url-block block < block_buffer > command creates an HTTP response buffer in order to store web server responses while it waits for a filtering decision from the filtering server. The permitted values range from 1 to 128. This specifies the number of 1550-byte blocks to use.

This issue is fixed in PIX/ASA firewall version 7.2(2) and later, which can be downloaded from the Software Download Center.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents